Staff Security Engineer, Product Security

Staff Security Engineer, Product Security.

Location: #San_Francisco, #Seattle.
Salary: $215,000 - $265,000 a year.
Employer: Aircall.

Responsibilities:
• Drive and scale secure-by-design practices across product and engineering teams, integrating security into design, development, CI/CD, and release workflows.
• Lead security design and architecture reviews for major product initiatives; define security requirements, controls, and patterns that teams can adopt consistently.
• Own and evolve threat modeling practices, ensuring risks are systematically identified early and mitigations are validated.
• Perform deep technical assessments (manual code review, targeted security testing, validation of fixes) for high-impact findings and critical services.
• Identify and reduce classes of vulnerabilities across Aircall’s codebases and services (e.g., auth/authz flaws, injection, logic issues, SSRF, API security, cloud misconfigurations).
• Build and improve security tooling and automation that scales across engineering (e.g., guardrails, CI checks, policy-as-code, leveraging AI for autonomous security-review processes  that don’t slow delivery).
• Triage and drive remediation of vulnerabilities discovered through internal testing, automated detection, and external reports (including coordinated disclosure where applicable).
• Investigate and respond to product security incidents, helping with containment, root cause analysis, and prevention. Participate in on-call/threat-response rotations, escalating and coordinating during high-severity events.
• Stay up to date on attacker techniques (MITRE ATT&CK, red team reports, threat intel) and propose new detection patterns or responses accordingly.
• Serve as a trusted advisor to engineering and product leadership, translating security risks into pragmatic, prioritized actions and tradeoffs.
• Own cross-team product security initiatives (e.g., secure SDLC improvements, secure design frameworks, security champions, org-wide security patterns and standards).
• Mentor and up-level engineers across security and product teams through reviews, pairing, coaching, and security education.

Requirements:
• 8+ years of relevant experience in Product Security / Application Security / Secure Software Engineering (or equivalent).
• Proven track record of leading product security work across multiple teams and influencing architecture and SDLC maturity at scale.
• Strong foundation in secure design, threat modeling, vulnerability discovery, and remediation strategies.
• Proficient with one or more of Programming languages ( Python/Java/JavaScript) and ability to read code to identify security defects.
• Knowledge of common vulnerability classes and modern application risks (OWASP Top 10, API security, identity/auth patterns, cloud-native risk).
• Experience designing or contributing to scalable, automated security review or decision-support workflows, including the use of AI-assisted systems to improve consistency, speed, or coverage.
• Familiarity with cloud-native infrastructure security (AWS/GCP/Azure + Kubernetes) and service-to-service security patterns
• High degree of autonomy, initiative, and ownership; ability to drive entire initiatives with minimal oversight.
• Strong communication skills and ability to drive alignment across engineering/product partners.

⚡ Показать контакты

#Гибрид #ИБ